A Flaw In Slack, The Group Messaging App That's Going Viral In Silicon Valley, Exposes The Names Of Chat Rooms To Anybody
When using the Slack client for Mac, Sai discovered that you can visit Slack.com, enter a fake email address with any real company domain (like Apple.com, Google.com, etc.), and you can see all of the internal Slack teams associated with that company.
You can't enter the Slack rooms, but you can see the names of the rooms. As Sam Biddle at Valleywag points out:
Sure, you can't actually join the teams, or see what channels exist within them, or read a single letter that's been exchanged. But I now know there's a Slack team at Google called "Tribe Wearables"-does that mean they acquired this company? Even if this isn't sensitive information, it's still information-and that's not what people are paying Slack to do.
In some cases, performing this maneuver lets you see what these companies are working on. Check it out:
And The New York Times:
And The Wall Street Journal:
And last but certainly not least, Slack:
You can try this with basically any company you can think of - Slack is particularly hot among Silicon Valley startups.
We've reached out to Slack for comment, and the company said it would get back to us shortly.
- Poco X5 Pro Review - Solid performance, boring design
- PM launches 20% ethanol blended petrol in 11 states/UTs
- ITC stock scales 52-week high as brokerages hike target price
- Last mile deliveries, food aggregators to drive E2W growth says Redseer
- Poco’s mid-range smartphone X5 Pro 5G launched in India starting at ₹22,999